Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 25, 2025, 11:40 AMSSLBL: Malicious SSL certificate detected (Gozi C&C)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSLBL: Malicious SSL certificate detected (Gozi C&C)"; tls_cert_fingerprint; content:"aa:67:d3:da:a2:2f:c2:55:6b:1e:81:77:fb:ac:bb:b2:4f:66:85:77"; reference:url, sslbl.abuse.ch/ssl-certificates/sha1/aa67d3daa22fc2556b1e8177fbacbbb24f668577/; sid:903202378; rev:1;)
Jun 25, 2025, 11:40 AM
Jun 25, 2025, 11:40 AM
Jul 17, 2025, 2:34 PM
Jul 17, 2025, 2:34 PM
sslblacklist_tls_cert.rules